Client-side security key generation
First Claim
1. A method comprising:
receiving an initial request to access an application server by an application executing on a client device, the application including a security component comprising security code that operates on at least one parameter value;
in response to the initial request, providing the application one or more parameter values comprising a first parameter from which the security component can generate a secret cryptographic key at the client device by executing the security code by processing the first parameter with other data available at the client device;
receiving a security key used to sign a signed request by the application to the application server, the security key comprising data associated with the signed request that is encrypted using the secret cryptographic key;
generating the secret cryptographic key independently of the client device;
decrypting the security key after independently generating the secret cryptographic key;
checking if the security key is valid by using the secret cryptographic key to decrypt the security key and, after decrypting, analyzing the security key to determine whether the security key contains data collected at the client device that does not match a pattern of data collected when the request is generated by malware executing on the client device;
in response to determining that the security key is valid, causing processing of the request by the application server;
wherein the method is performed by one or more processors.
Abstract
Techniques are provided for client-side security key generation. An initial request is received from an application executing on a client device. The application includes a security component that includes security code. In response to the initial request, a key component is generated. The key component includes one or more parameters from which a valid security key can be generated at the client device by executing the security code. The key component is provided to the client device. A security key associated with a request from the client device to an application server is received. The security key is checked for validity. In response to determining that the security key is valid, processing of the request by the application server is caused.
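The flow in the abstract and claim 1, as an added Node.js sketch that is not code from the patent: the server hands out a first parameter, both sides derive the same secret key from it, the client encrypts data tied to the request, and the server decrypts and analyzes it. HKDF, AES-256-GCM, the session id used as the "other data available at the client device", every function name, and the telemetry rule are assumptions made for this example.

```javascript
// Added illustration, not code from the patent. All names, HKDF, AES-256-GCM and the
// telemetry rule are assumptions chosen for this sketch.
const nodeCrypto = require('crypto');

// Shared derivation: the first parameter from the server is processed with other data
// available at the client (assumed here: a session id the server also knows).
function deriveKey(firstParam, sessionId) {
  return Buffer.from(nodeCrypto.hkdfSync('sha256', sessionId, firstParam, 'client-security-key', 32));
}

// Client side: encrypt data associated with the request under the derived key.
function makeSecurityKey(key, requestData) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(requestData), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Constructed pattern for automation-generated requests: no input events recorded,
// or a form submitted faster than a person could fill it in. Missing fields also match.
function matchesMalwarePattern(collected) {
  return !(collected.keyEvents > 0) || !(collected.msToSubmit >= 50);
}

// Server side: derive the key independently, decrypt, then analyze the contents.
function checkSecurityKey(firstParam, sessionId, securityKey, request) {
  const raw = Buffer.from(String(securityKey), 'base64');
  if (raw.length <= 28) return { valid: false, reason: 'malformed' }; // 12-byte IV + 16-byte tag
  let data;
  try {
    const key = deriveKey(firstParam, sessionId);
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    data = JSON.parse(Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8'));
  } catch {
    return { valid: false, reason: 'decrypt-failed' }; // wrong key or tampered ciphertext
  }
  // The decrypted data must belong to this request, not one captured elsewhere.
  if (!data || data.path !== request.path) return { valid: false, reason: 'request-mismatch' };
  if (!data.collected || matchesMalwarePattern(data.collected)) {
    return { valid: false, reason: 'malware-pattern' };
  }
  return { valid: true, reason: 'ok' }; // only now is the request passed to the application server
}
```

Because the server derives the key itself, a request whose security key was built from a different first parameter, or altered in transit, fails at the decryption step before any telemetry is examined.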
15 Citations
18 Claims
1. A method comprising:
receiving an initial request to access an application server by an application executing on a client device, the application including a security component comprising security code that operates on at least one parameter value;
in response to the initial request, providing the application one or more parameter values comprising a first parameter from which the security component can generate a secret cryptographic key at the client device by executing the security code by processing the first parameter with other data available at the client device;
receiving a security key used to sign a signed request by the application to the application server, the security key comprising data associated with the signed request that is encrypted using the secret cryptographic key;
generating the secret cryptographic key independently of the client device;
decrypting the security key after independently generating the secret cryptographic key;
checking if the security key is valid by using the secret cryptographic key to decrypt the security key and, after decrypting, analyzing the security key to determine whether the security key contains data collected at the client device that does not match a pattern of data collected when the request is generated by malware executing on the client device;
in response to determining that the security key is valid, causing processing of the request by the application server;
wherein the method is performed by one or more processors.
Dependent claims: 2, 3, 4, 5, 6, 7, 15, 16, 17, 18
8. A computer system comprising:
one or more hardware processors;
a memory coupled to the one or more hardware processors and storing one or more instructions which, when executed by the one or more hardware processors, cause the one or more hardware processors to:
receive an initial request to access an application server by an application executing on a client device, the application including a security component comprising security code that operates on at least one parameter value;
in response to the initial request, providing the application one or more parameter values comprising a first parameter from which the security component can generate a secret cryptographic key at the client device by executing the security code by processing the first parameter with other data available at the client device;
receive a security key used to sign a signed request by the application to the application server, the security key comprising data associated with the signed request that is encrypted using the secret cryptographic key;
check if the security key is valid by using the secret cryptographic key to decrypt the security key and, after decrypting, analyzing the security key to determine whether the security key contains data collected at the client device that does not match a pattern of data collected when the request is generated by malware executing on the client device;
in response to determining that the security key is valid, cause processing of the request by the application server.
Dependent claims: 9, 10, 11, 12, 13, 14
Specification